Remove redirect_uri support from OIDC logout endpoint #10983

@stianst

Description

Keycloak 18 was updated to follow the RP initiated logout specification, deprecating the support for the legacy redirect_uri parameter on the logout endpoint. Support for this backwards compatibility mode should be removed at some point.

Details

Removing this will require:

  • Update the LogoutEndpoint.logout() method and remove support for the "redirect_uri" parameter of this method
  • Remove the method RedirectUtils.verifyRealmRedirectUri(KeycloakSession session, String redirectUri) (which is already deprecated in Keycloak 18). Also remove some other private method in the RedirectUtils class, which is used by the removed verifyRealmRedirectUri.
  • Remove the configuration options OIDCLoginProtocolFactory.CONFIG_LEGACY_LOGOUT_REDIRECT_URI and OIDCLoginProtocolFactory.SUPPRESS_LOGOUT_CONFIRMATION_SCREEN from OIDCLoginProtocolFactory and this constant. This also means reverting the changes introduced by "suppress confirmation screen for logout in oidc with new flag" #13471. Probably the whole class OIDCProviderConfig can be removed in this case (unless we have some other configuration option to OIDCLoginProtocolFactory added in the meantime).
  • Remove LegacyLogoutTest
  • Remove system property config option from the keycloak-server.json in the testsuite
  • Documentation will need to be updated (Upgrading guide) about the fact that the options, which were deprecated in Keycloak 18 and 19.0.2, are removed now.

It will be good to discuss with @sschu and/or @bs-matil before removing this.
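For operators who want to know which clients still send the legacy parameter before it is removed, here is an added example (not Keycloak code and not part of the original issue) that classifies logout requests found in an access log. The log format, the sample lines, and the endpoint path `/realms/{realm}/protocol/openid-connect/logout` with an optional `/auth` prefix are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed endpoint path; older deployments add an /auth prefix.
LOGOUT_PATH = re.compile(r"^(?:/auth)?/realms/([^/]+)/protocol/openid-connect/logout$")
# Only GET is inspected: POST logout carries its parameters in the body, not the log.
REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+"')

def classify_logout(target):
    """Return (realm, verdict) for a logout request target, or None for other URLs."""
    parts = urlsplit(target)
    m = LOGOUT_PATH.match(parts.path)
    if not m:
        return None
    # Parse the query: a substring search for "redirect_uri=" would also
    # match post_logout_redirect_uri and flag compliant clients.
    q = parse_qs(parts.query, keep_blank_values=True)
    if "redirect_uri" in q:
        verdict = "legacy"  # stops working once the parameter is removed
    elif "post_logout_redirect_uri" in q:
        # id_token_hint is RECOMMENDED by the RP-initiated logout spec here.
        verdict = "spec" if "id_token_hint" in q else "spec-no-id-token-hint"
    else:
        verdict = "no-redirect"
    return m.group(1), verdict

def audit(log_lines):
    """Count (realm, verdict) pairs over access-log lines."""
    counts = {}
    for line in log_lines:
        m = REQUEST.search(line)
        result = classify_logout(m.group(1)) if m else None
        if result:
            counts[result] = counts.get(result, 0) + 1
    return counts

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2022:10:00:00 +0000] "GET /realms/demo/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fapp.example%2F HTTP/1.1" 302 0',
    '10.0.0.6 - - [01/Mar/2022:10:00:05 +0000] "GET /auth/realms/shop/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fshop.example%2F&id_token_hint=constructed.token HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Mar/2022:10:00:09 +0000] "GET /realms/demo/protocol/openid-connect/logout?post_logout_redirect_uri=https%3A%2F%2Fapp.example%2F HTTP/1.1" 200 512',
    '10.0.0.8 - - [01/Mar/2022:10:00:12 +0000] "GET /realms/demo/protocol/openid-connect/auth?client_id=app&redirect_uri=https%3A%2F%2Fapp.example%2F HTTP/1.1" 200 900',
    '10.0.0.5 - - [01/Mar/2022:10:01:00 +0000] "GET /realms/demo/protocol/openid-connect/logout?redirect_uri=https%3A%2F%2Fapp.example%2Fbye HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for (realm, verdict), n in sorted(audit(SAMPLE_LOG).items()):
        print(f"{realm:10} {verdict:22} {n}")
```

Requests counted as `legacy` come from clients that need to switch to `post_logout_redirect_uri` before upgrading to a release without the compatibility mode.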
